CVSS: 6.8EPSS: 0%CPEs: 206EXPL: 0CVE-2023-22455 – Discourse vulnerable to Cross-site Scripting through tag descriptions
https://notcve.org/view.php?id=CVE-2023-22455
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch. • https://github.com/discourse/discourse/commit/692329896ac64d8581947e977202c243eef3b5a2 https://github.com/discourse/discourse/security/advisories/GHSA-5rq6-466r-6mr9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 206EXPL: 0CVE-2023-22454 – Discourse vulnerable to Cross-site Scripting through pending post titles descriptions
https://notcve.org/view.php?id=CVE-2023-22454
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16. • https://github.com/discourse/discourse/commit/c0e2d7badac276d82a4056a994b48d68a8993a12 https://github.com/discourse/discourse/security/advisories/GHSA-ggq4-4qxc-c462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 206EXPL: 0CVE-2023-22453 – Discourse vulnerable to exposure of user post counts per topic to unauthorized users
https://notcve.org/view.php?id=CVE-2023-22453
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround. • https://github.com/discourse/discourse/commit/cbcf8a064b4889a19c991641e09c399bfa1ef2ad https://github.com/discourse/discourse/security/advisories/GHSA-xx97-6494-p2rv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 206EXPL: 0CVE-2022-46177 – Discourse password reset link can lead to in account takeover if user changes to a new email
https://notcve.org/view.php?id=CVE-2022-46177
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. • https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570 https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38 https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3 • CWE-613: Insufficient Session Expiration •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-23546 – Discourse vulnerable to private topic leak via email#send_digest
https://notcve.org/view.php?id=CVE-2022-23546
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue. • https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •